You can configure the FortiGate unit to log VPN events. For IPsec VPNs, Phase 1 and Phase 2 authentication and encryption events are logged. For information about how to interpret log messages, see the FortiGate Log Message Reference.
To log VPN events
- Go to Log & Report > Log Config > Log Settings.
- Verify that the VPN activity event option is selected.
- Select Apply.
To view event logs
- Go to Log & Report > Event Log > VPN.
- Select the Log location.
Sending tunnel statistics to FortiAnalyzer
By default, logged events include tunnel-up and tunnel-down status events. Other events, by default, will appear in the FortiAnalyzer report as "No Data Available". More accurate results require logs with
action=tunnel-stats, which is used in generating reports on the FortiAnalyzer (rather than the tunnel-up and tunnel-down event logs). The FortiGate does not, by default, send
To allow VPN
tunnel-stats to be sent to FortiAnalyzer, configure the FortiGate unit as follows using the CLI:
config system settings
set vpn-stats-log ipsec ssl
set vpn-stats-period 300